NSS Labs 2016 DDoS Prevention Solutions Group Test Research Reveals New Trends

AUSTIN, Texas – March 29, 2016 – NSS Labs, the world’s leading information security research and advisory company, today released its distributed denial-of-service (DDoS) prevention solutions Security Value Map (SVM) and Comparative Report series, evaluating six leading DDoS prevention solutions for security effectiveness, performance, and total cost of ownership (TCO). NSS research indicates the DDoS prevention solution market is $481M with a 13% CAGR.

This is the first public Group Test for DDoS prevention solutions, focusing on volumetric, protocol and application DDoS attacks. DDoS attacks continue to grow in prevalence and have become a key pain point for security professionals. Historically, DDoS protection meant protecting an enterprise’s internet presence. In the constantly evolving battle with cyber criminals, DDoS attacks are now targeting applications inside the networks of enterprise organizations. And while average protection against volumetric and protocol attacks ranged were 94.4% and 95.1% respectively, the average protection against application attacks was only 80%.

The test methodology also addressed stability and performance impact – the ability of a solution to maintain performance while defending against an attack. This gives enterprise buyers a key additional element for evaluations – the ability of the solution to not only detect and mitigate the attack, but to also allow legitimate traffic while the attack is being suppressed. While vendors have largely become adept at protecting against traditional volumetric attacks with little performance impact, stopping a protocol attack can impact performance by as much as 92.5%.

NSS also evaluated cost of ownership using ‘street prices’, capturing vendor discounts in competitive bid situations. Solution discounts ranged from 12% to 42%, while hardware-only discounts ranged from 13% to 50%.

Key findings from the DDoS prevention solution group test include:

  • Three of the six products achieved Recommended status
  • Overall Security Effectiveness ranged from 48.0 to 90.4%
  • Effective protection against volumetric and protocol attacks, but weaker protection against targeted application attacks
  • The average overall performance impact for solutions under attack was 11.0%, with individual solution impact ranging from 0.4% to 40.5%
  • The average total cost of ownership (TCO) per protected megabit per second was US$21, with individual vendor TCO ranging from US$4 to US$84

“DDoS attacks are a top concern for large enterprises and they’ve consistently urged us to include DDoS prevention solutions on our Group Test roadmap,” said Mike Spanbauer, Vice President of Security Test & Advisory for NSS Labs. “This was our first public test of these solutions and the insight we’re now able to provide our customers is going to significantly improve their ability to select and deploy the best solutions for their environments.”

The following products were included in the 2016 DDoS Group Test:

  • Arbor Networks APS 2800 v5.8.1
  • Corero SmartWall v8.10.248
  • F5 BIG-IP 10250v v12.0.0
  • Fortinet FortiDDoS 2000B v4.1.10
  • Huawei AntiDDoS8030 V500R001C00SPC600
  • Radware DefensePro 1006 v6.12.01